The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript.
History

Tue, 22 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:mozilla:firefox_esr:31.5.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:31.5.1:*:*:*:*:*:*:*

Mon, 21 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:mozilla:firefox_esr:31.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:31.1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:31.1.0:*:*:*:*:*:*:*

Mon, 21 Oct 2024 13:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:mozilla:firefox_esr:31.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:31.3.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:31.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:31.3.0:*:*:*:*:*:*:*

cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2015-03-24T00:00:00

Updated: 2024-08-06T04:26:11.225Z

Reserved: 2015-01-07T00:00:00

Link: CVE-2015-0817

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2015-03-24T00:59:05.843

Modified: 2024-11-21T02:23:46.417

Link: CVE-2015-0817

cve-icon Redhat

Severity : Critical

Publid Date: 2015-03-21T00:00:00Z

Links: CVE-2015-0817 - Bugzilla